Cyware Daily Threat Intelligence February 19, 2019

See All
Top Breaches Reported in the Last 24 Hours

2.7 million health-related calls exposed
A server containing around 2.7 million health-related calls, was found completely exposed on the internet. The recorded conversations which date back to at least 2013, were made to the 1177 Swedish Healthcare Guide. Some of these calls had recorded Social Security numbers and telephone numbers of victims seeking health-related advice from 1177 Care Guide service. Following the discovery of the data leak, access to the unsecured server has been blocked. The leaked data is no longer available on the internet. 

Cyber-attack on Australian parliament
Australian parliament has suffered a sophisticated cyber-attack recently. Although the threat actors behind the attack are unknown, it is believed that the attack was primarily carried out to target major political parties. Threat actors are said to have made attempts to access the network systems of the parliament but were blocked before any confidential information could be accessed.

Top Malware Reported in the Last 24 Hours

GandCrab returns
Threat actors have discovered a new way to infect Managed Service Providers and their customers with the notorious GandCrab ransomware. They are exploiting an old flaw (CVE-2017-18362) existing in unpatched versions of the ConnectWise ManagedITSync integration plug-in tool to distribute the malware. Once installed, the ransomware locks up all the customers' endpoints, including servers and later demands a ransom.

Rietspoof malware
A new multi-stage malware named Rietspoof that is distributed via Skype or Facebook Messenger, has been discovered by security researchers. The malware is primarily designed to drop multiple payloads on the systems. It gains persistence over an infected system by placing an LNK (shortcut) file in the Windows /Startup folder.

New malware infiltration technique
Security researchers have come across a new malware infiltration technique that can enable attackers to execute malware on a victim's machine without the user actually opening the malicious Word Document file. This is possible when the user is previewing the file via 'Preview Pane' in Windows Explorer or Outlook. 




  • Share this blog:
Previous
Cyware Daily Threat Intelligence February 20, 2019
Next
Cyware Daily Threat Intelligence February 18, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.